CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
94.5%
Added: 08/03/2010
CVE: CVE-2010-2777
BID: 41704
OSVDB: 66623
Novell GroupWise is an e-mail and collaboration product suite.
A buffer overflow vulnerability exists within the IMAP component of the Novell GroupWise Internet Agent service and is due to a boundary error while handling a provided mailbox name for the CREATE command. An authenticated attacker could exploit this vulnerability by sending a crafted message to the server.
Update or apply the patch as specified in the Novell advisory.
<http://www.zerodayinitiative.com/advisories/ZDI-10-129>
Exploit works on Novell GroupWise 8.0.
A valid IMAP user must be provided to the exploit script.
Windows